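I have configured the latest MySQL 8 version with SSL. It is not production, just a test VM for learning SQL, so I can use self-signed SSL certificates. This is the server cnf: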
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log-error = /var/log/mysql/error.log
default_storage_engine =InnoDB
innodb_autoinc_lock_mode =2
innodb_flush_log_at_trx_commit =0
innodb_buffer_pool_size =128M
binlog_format =ROW
require_secure_transport=true
tls_version=TLSv1.2
ssl-ca = /etc/ssl/certs/yellow.priv.crt
ssl-key = /etc/ssl/private/sql2.yellow.priv.key
ssl-cert = /etc/ssl/certs/sql2.yellow.priv.crt
wsrep_on =ON
wsrep_provider =/usr/lib/galera/libgalera_smm.so
wsrep_node_name ="sql2"
wsrep_node_address ="10.3.0.6"
wsrep_cluster_name ="galera4"
wsrep_cluster_address ="gcomm://sql1.yellow.priv,sql2.yellow.priv"
wsrep_provider_options ="gcache.size=128M; gcache.page_size=128M"
wsrep_provider_options="socket.ssl_key=/etc/ssl/private/sql2.yellow.priv.key;socket.ssl_cert=/etc/ssl/certs/sql2.yellow.priv.crt;socket.ssl_ca=/etc/ssl/certs/yellow.priv.crt;socket.ssl_cipher=ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!SSLv3:!MD5:!RC4:!RSA"
wsrep_slave_threads =4
wsrep_sst_method =rsync
This is the client $HOME/.my.cnf:
[mysql]
user=myuser
password=mypass
database=mydb
ssl-ca = /etc/ssl/certs/blu.priv.crt
ssl-key = /etc/ssl/private/slack64.blu.priv.key
ssl-cert = /etc/ssl/certs/slack64.blu.priv.crt
ssl-verify-server-cert=false
host=sql2.yellow.priv
When I try to connect from the client "slack64.blu.priv", I get an error:
mysql
ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain
I tried adding this line to the server cnf:
ssl-verify-server-cert=false
but the server fails to start.
LDAP has this option to avoid verification:
TLS_REQCERT allow
Does MySQL have something similar?
Edit: the server is MySQL 8, the client is mariadb-10.5.